
Senior Risk & Resilience Consultant, Information Security (Associate)

Job Type: Full Time


Job Description - Senior Risk & Resilience Consultant, Information Security (Associate)

We have an exciting, permanent opportunity for a Senior Risk & Resilience Consultant / Information Security Consultant & Manager (Associate level) to join any of our 11 UK offices (hybrid working) as we continue to grow following the Howden acquisition.

You’ll provide day-to-day leadership within a growing and fast-paced consultancy environment, ensuring the security team delivers high-quality, responsive services to both internal stakeholders and clients. This role includes full line management responsibilities, such as setting clear objectives, holding regular one-to-one meetings, supporting professional development, and managing performance in a constructive and accountable manner. You will coordinate workloads across multiple concurrent client engagements, mentor team members, and foster a collaborative, solutions-focused culture. You will also work closely with other areas of the organisation, including data privacy, business continuity, and enterprise risk, to ensure a cohesive and aligned approach to assurance.

In addition to leadership responsibilities, this position is hands-on and client-facing. You will guide organisations through the implementation and internal audit of ISO/IEC 27001, support them through the Cyber Essentials certification process, and help embed effective security awareness across their business. You’ll also assist clients in assessing and managing third-party security risks, responding to assurance requests, and making well-informed risk decisions.

A key requirement of the role is the ability to communicate information security risks clearly and meaningfully, translating technical issues into business-focused impacts that enable stakeholders to make confident, informed decisions.

  • Lead and support clients through ISO/IEC 27001 implementation, from gap analysis to certification readiness
  • Plan and deliver internal ISO/IEC 27001 audits and recommend practical improvements
  • Guide organisations through Cyber Essentials and Cyber Essentials Plus certification
  • Develop and improve proportionate information security policies, processes, and controls
  • Explain information security risks in clear, business-focused terms, linking technical issues to real-world impact
  • Deliver tailored security training and awareness sessions for technical and non-technical audiences
  • Support clients during information security incidents, advising on containment, next steps, and reporting
  • Assist with third-party security assessments, including supplier reviews, customer questionnaires, and assurance guidance
  • Manage security projects, including planning, monitoring progress, and managing risks
  • Act as a trusted advisor, translating security requirements into actionable business recommendations
  • Facilitate workshops and meetings with stakeholders at all levels
  • Produce clear, well-structured documentation and reports
  • Support ongoing improvement of clients’ information security management practices


Line Management Responsibilities

  • Provide day-to-day leadership to the security team in a fast-paced consultancy environment
  • Set objectives, hold regular one-to-ones, and manage performance and development
  • Mentor team members and provide quality assurance on deliverables
  • Allocate workloads across multiple client engagements to maintain high-quality delivery
  • Foster a supportive, collaborative, practical and delivery-focused team culture
  • Support recruitment, onboarding, and capability development
  • Proven experience implementing ISO/IEC 27001 as a consultant
  • Experience conducting or supporting internal ISO/IEC 27001 audits
  • Practical experience guiding organisations through Cyber Essentials and/or Cyber Essentials Plus
  • Ability to deliver effective information security training and awareness sessions
  • Experience supporting or responding to third-party security assessments
  • Strong ability to explain security risks in clear, business-focused terms
  • Solid understanding of information security risk management and controls
  • Confident managing projects, timelines, and stakeholder expectations
  • Excellent written and verbal communication skills
  • Ability to engage and influence stakeholders at all levels, including senior leadership
  • Demonstrated line management and leadership capability, including mentoring, performance management, and team development
  • Experience with data protection and privacy, such as UK GDPR or EU GDPR
  • Experience supporting organisations during security incidents or data breaches
  • Experience assessing supplier risk or working with vendor risk management processes
  • Experience supporting organisations with Business Continuity planning (ISO 22301)
  • Relevant certifications (e.g. ISO 27001 Lead Implementer, Lead Auditor, Cyber Essentials Assessor, CISM, CISSP)

What's in it for you:

  • Competitive discretionary annual bonus.
  • Core benefits paid for by BW including life assurance, group income protection, private medical cover and 25 days holiday per year with holiday trading.
  • A generous pension scheme where we contribute 8% of your salary from day one of your employment.
  • Employee Assistance Programme to support you and your family through any concerns or challenges you may experience.
  • A comprehensive range of voluntary benefits to suit you (and your family) including an electric car leasing scheme, tech scheme, cycle to work scheme, dental cover, healthcare cash plan, health assessments, critical illness cover, extension of private medical cover or life assurance to family members

Original job Senior Risk & Resilience Consultant, Information Security (Associate) posted on GrabJobs ©.
Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.